Sunday, March 10, 2019

Facebook Tracking

I realize there's lots of noise on the Internet about Facebook tracking you but I just wanted to show you what it really looks like.

I've posted before about how I try to sandbox Facebook. I'm not naive enough to think that's bulletproof but at least I'm trying.

Similarly, I NEVER click on a link in Facebook. As I suggested in the previous post, I right click and copy the link. Then I go over to another tab and paste the link.Then I go and delete all the characters starting with "?fbclid=".

Here's a recent example:
https://l.facebook.com/l.php?u=https%3A%2F%2Fgoo.gl%2FHoh4V9%3Ffbclid%3DIwAR1yCKf6gTjPq_YDl4Y-J37BZ7TIJZGXMvZvH8T9_Zn6OQf_gN0HMHp4kRM&h=AT1dP9OuIl5M0f_qB4pUFO3gx7feNV6B1whGiQYsb2QXb98_FfInyZf_H1u2BzGd15g61SR90EDeuHuljeRyLvmk6JyH_B4eVfEN30qN6ZO8d7o_uAZUyKqX4vqHE775UyKArv4Js_gcGEkBTU1p8gL84__GHE6Zv9zjA885LeHRoXSHCjvZ2SsPPRbmEjuWgkLFhmv_RNxkIW2iCoVIXjq_91x3aGNuRg5Cv26oCgHk0Jx6VYgFpGuhVWAhu22pYgHzvqFEej0iyjbvdJx3qNDxBXU9c57ggOrLcYf5rBp9zaW-RP5rxpZcmnC6RS5SRNbsVhCs1fjhGyI2ZVYfZJnR_WgeT_VgzuatreZLYzKMv9s2gajAttWgnM79qg28QFnADkQYaExt5CA1MotGiR1jCjgQP9nL1ImgQ3zTmNrlojfuzfHMzY9y7SExcHk8bMqvOU7KML1p--ds09Dbfi482AudxWzehwUdEYMUTWhQANMlLIDWBFbEzgeTyZqDD5HblobEqjYorDFd7aawWeIQhiQPIzWFarWKxXJrILwR6g4vhkP2WR_vpQ5P40IIxYmWF5zFrKdwcJpi4OaP4jkoErnnqUaeZrg4EOpho3tTJzu3Jb0xOzsX76SmgyCmMhym9o7bnKF5z7NIw2HLMIGHljlH
This URL is even encoded that further obfuscates what it's doing. I use a URL Decoder/Encoder to make it somewhat readable.
https://l.facebook.com/l.php?u=https://goo.gl/Hoh4V9?fbclid=IwAR1yCKf6gTjPq_YDl4Y-J37BZ7TIJZGXMvZvH8T9_Zn6OQf_gN0HMHp4kRM&h=AT1dP9OuIl5M0f_qB4pUFO3gx7feNV6B1whGiQYsb2QXb98_FfInyZf_H1u2BzGd15g61SR90EDeuHuljeRyLvmk6JyH_B4eVfEN30qN6ZO8d7o_uAZUyKqX4vqHE775UyKArv4Js_gcGEkBTU1p8gL84__GHE6Zv9zjA885LeHRoXSHCjvZ2SsPPRbmEjuWgkLFhmv_RNxkIW2iCoVIXjq_91x3aGNuRg5Cv26oCgHk0Jx6VYgFpGuhVWAhu22pYgHzvqFEej0iyjbvdJx3qNDxBXU9c57ggOrLcYf5rBp9zaW-RP5rxpZcmnC6RS5SRNbsVhCs1fjhGyI2ZVYfZJnR_WgeT_VgzuatreZLYzKMv9s2gajAttWgnM79qg28QFnADkQYaExt5CA1MotGiR1jCjgQP9nL1ImgQ3zTmNrlojfuzfHMzY9y7SExcHk8bMqvOU7KML1p--ds09Dbfi482AudxWzehwUdEYMUTWhQANMlLIDWBFbEzgeTyZqDD5HblobEqjYorDFd7aawWeIQhiQPIzWFarWKxXJrILwR6g4vhkP2WR_vpQ5P40IIxYmWF5zFrKdwcJpi4OaP4jkoErnnqUaeZrg4EOpho3tTJzu3Jb0xOzsX76SmgyCmMhym9o7bnKF5z7NIw2HLMIGHljlH
And notice that Facebook is not only passing a tracking ID along to the target site but using a redirect service (https://l.facebook.com) to launch it.

Once you eliminate all the tracking information, here's what you get:
https://goo.gl/Hoh4V9
Facebook is just evil.

No comments: